The complexity of Boolean functions from cryptographic viewpoint

Cryptographic Boolean functions must be complex to satisfy Shannon\u27s principle of confusion. But the cryptographic viewpoint on complexity is not the same as in circuit complexity. The two main criteria evaluating the cryptographic complexity of Boolean functions on $F_2^n$ are the nonlinearity (and more generally the $r$-th order nonlinearity, for every positive $r< n$) and the algebraic degree. Two other criteria have also been considered: the algebraic thickness and the non-normality. After recalling the definitions of these criteria and why, asymptotically, almost all Boolean functions are deeply non-normal and have high algebraic degrees, high ($r$-th order) nonlinearities and high algebraic thicknesses, we study the relationship between the $r$-th order nonlinearity and a recent cryptographic criterion called the algebraic immunity. This relationship strengthens the reasons why the algebraic immunity can be considered as a further cryptographic complexity criterion

Constructive Relationships Between Algebraic Thickness and Normality

We study the relationship between two measures of Boolean functions; \emph{algebraic thickness} and \emph{normality}. For a function $f$, the algebraic thickness is a variant of the \emph{sparsity}, the number of nonzero coefficients in the unique GF(2) polynomial representing $f$, and the normality is the largest dimension of an affine subspace on which $f$ is constant. We show that for $0 < \epsilon<2$, any function with algebraic thickness $n^{3-\epsilon}$ is constant on some affine subspace of dimension $\Omega\left(n^{\frac{\epsilon}{2}}\right)$. Furthermore, we give an algorithm for finding such a subspace. We show that this is at most a factor of $\Theta(\sqrt{n})$ from the best guaranteed, and when restricted to the technique used, is at most a factor of $\Theta(\sqrt{\log n})$ from the best guaranteed. We also show that a concrete function, majority, has algebraic thickness $\Omega\left(2^{n^{1/6}}\right)$.Comment: Final version published in FCT'201

On the normality of pp-ary bent functions

Depending on the parity of $n$ and the regularity of a bent function $f$ from $\mathbb F_p^n$ to $\mathbb F_p$, $f$ can be affine on a subspace of dimension at most $n/2$, $(n-1)/2$ or $n/2- 1$. We point out that many $p$-ary bent functions take on this bound, and it seems not easy to find examples for which one can show a different behaviour. This resembles the situation for Boolean bent functions of which many are (weakly) $n/2$-normal, i.e. affine on a $n/2$-dimensional subspace. However applying an algorithm by Canteaut et.al., some Boolean bent functions were shown to be not $n/2$- normal. We develop an algorithm for testing normality for functions from $\mathbb F_p^n$ to $\mathbb F_p$. Applying the algorithm, for some bent functions in small dimension we show that they do not take on the bound on normality. Applying direct sum of functions this yields bent functions with this property in infinitely many dimensions.Comment: 13 page

On Closed-Cycle Loops and Applicability of Nonlinear Product Attacks to DES

In this article we look at the question of the security of Data Encryption Standard (DES) against non-linear polynomial invariant attacks. Is this sort of attack also possible for DES? We present a simple proof of concept attack on DES where a product of 5 polynomials is an invariant for 2 rounds of DES. Furthermore we present numerous additional examples of invariants with higher degrees. We analyse the success probability when the Boolean functions are chosen at random and compare to DES S-boxes. For more complex higher degree attacks the difficulties disappear progressively and up to 100 % of all Boolean functions in 6 variables are potentially vulnerable. A major limitation for all our attacks, is that they work only for a fraction of the key space. However in some cases, this fraction of the key space is very large for the full 16-round DES

Grid generation for the solution of partial differential equations

A general survey of grid generators is presented with a concern for understanding why grids are necessary, how they are applied, and how they are generated. After an examination of the need for meshes, the overall applications setting is established with a categorization of the various connectivity patterns. This is split between structured grids and unstructured meshes. Altogether, the categorization establishes the foundation upon which grid generation techniques are developed. The two primary categories are algebraic techniques and partial differential equation techniques. These are each split into basic parts, and accordingly are individually examined in some detail. In the process, the interrelations between the various parts are accented. From the established background in the primary techniques, consideration is shifted to the topic of interactive grid generation and then to adaptive meshes. The setting for adaptivity is established with a suitable means to monitor severe solution behavior. Adaptive grids are considered first and are followed by adaptive triangular meshes. Then the consideration shifts to the temporal coupling between grid generators and PDE-solvers. To conclude, a reflection upon the discussion, herein, is given